我的书签
添加书签
移除书签Windows Forensic
Windows Registry
Enumeration
require 'win32/registry'# List keyskeyname = 'SOFTWARE\Clients'access = Win32::Registry::KEY_ALL_ACCESSWin32::Registry::HKEY_LOCAL_MACHINE.open(keyname, access).keys# List all MAC address keyskeyname= 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged'access = Win32::Registry::KEY_ALL_ACCESSWin32::Registry::HKEY_LOCAL_MACHINE.open(ketname, access).keyskeyname= 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged'access = Win32::Registry::KEY_ALL_ACCESSWin32::Registry::HKEY_LOCAL_MACHINE.open(keyname, access) do |reg|;reg.each_key{|k, v| puts k, v}end
Note: KEY_ALL_ACCESS enables you to write and deleted. The default access is KEY_READ if you specify nothing.
